Malware with many tricks: VoidStealer is part of a broader shift in how infostealers are evolving post-ABE. The malware already supports multiple bypass techniques, falling back to older injection-based methods if needed, but clearly prioritizing stealth where possible.Krejsa also warned of its development pace. Since first appearing in December 2025, the malware has evolved quickly through versions, suggesting active maintenance and likely customer demand in underground markets. The malware, which runs a MaaS model, has undergone a total of 12 iterations so far, with the latest version “v2.1” rolled out on Mar 18, 2026.Because VoidStealer avoids injection and privilege escalation, traditional indicators could fall short, Krejsa noted. He said defenders must focus on behavioral signals, including unexpected debugger attachments to browser processes, unusual use of memory-reading APIs, and anomalous Chrome process spawning patterns.As a primary indicator of compromise (IoC), the researcher shared a sample linked to VoidStealer v2.0.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4148601/chrome-abe-bypass-discovered-new-voidstealer-malware-steals-passwords-and-cookies.html
